Faraday alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

84

Alternative: APT2 (apt2)

APT2 is a tool written by Adam Compton and Austin Lane to help pentesters automate mundane scanning tasks. It leverages scan results from Nexpose, Nessus, or Nm

APT2 stands for Automated Penetration Testing Toolkit.

APT2 performs a scan with Nmap or can import the results of a scan from Nexpose or Nessus. The processed results will be used in the second phase. This phase launches exploit and enumeration modules. It helps pentesters to automate assessments and tasks.

Suggested components to have installed: convert, dirb, hydra, java, john, ldapsearch, msfconsole, nmap, nmblookup, phantomjs, responder, rpcclient, secretsdump.py, smbclient, snmpwalk, sslscan, xwd

Project details

APT2 is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

APT2 project page

74

Alternative: BeEF

The Browser Exploitation Framework (or BeEF) is a penetration testing tool that focuses on the web browser.

BeEF is used by penetration testers to assess the security of a system by leveraging the web browser. This makes the tool different to many other tools, as it ignores the security on network or system level. It uses command modules from within the web browser to perform requested attacks against the system.

60

Alternative: InstaRecon

InstaRecon is a security tool that can help with the reconnaissance phase of a penetration test. It can collect a number of data points with limited input.

Project details

InstaRecon is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • reconnaissance

InstaRecon project page

78

Alternative: Metasploit Framework

Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.

Project details

Metasploit Framework is written in Ruby.

Strengths

  • + More than 400 contributors
  • + More than 9000 stars
  • + Many maintainers
  • + The source code of this software is available
  • + Supported by a large company
  • + Well-known tool

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

Metasploit Framework project page

80

Alternative: OWTF (Offensive Web Testing Framework)

The OWTF project (Offensive Web Testing Framework) unites tools for penetrating testing. Most parts are written in Python.

OWTF is short for Offensive Web Testing Framework and it is one of the many OWASP projects to improve security.

Project details

OWTF is written in Python.

Strengths

  • + More than 25 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment

OWTF project page

56

Alternative: p0f

P0f is a security tool that utilizes passive traffic fingerprinting mechanisms to identify the systems behind any incidental TCP/IP communications.

This tool is a great addition to nmap, especially if that reveals not reliable data or none at all. Due to the passive way of working, it won't be detected nor influences any connection.

- Version 3 of p0f is a full rewrite
- The idea for p0f dates back to June 10, 2000
- Tool can run in foreground or as a daemon process

Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse-prevention tools; and miscellaneous forensics.

Project details

Strengths

  • + Project is mature (10+ years)
  • + The source code of this software is available
  • + Well-known tool

p0f project page

89

Alternative: SearchSploit

Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.

Project details

SearchSploit is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown

Typical usage

  • information gathering
  • penetration test

SearchSploit project page

78

Alternative: Sn1per

Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

Project details

Sn1per is written in Python, shell script.

Strengths

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • penetration test
  • reconnaissance

Sn1per project page

67

Alternative: 360-FAAR

Supported firewall configurations

  • Checkpoint FW1
  • Cisco ASA
  • Netscreen ScreenOS

76

Alternative: Scout2

Scout2 is a security tool to assess the security of an AWS environment. It can be used for system hardening and IT audits.

Project details

Scout2 is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars

Typical usage

  • IT audit
  • security assessment
  • self-assessment
  • system hardening

Scout2 project page

60

Alternative: sysechk (System Security Checker)

System Security Checker, or sysechk, is a tool to perform a system audit against a set of best practices. It uses a modular approach to test the system.

Project details

sysechk is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • IT audit
  • system hardening

sysechk project page

93

Alternative: WordPress Exploit Framework (WPXF)

The WordPress Exploit Framework (WPXF) is a framework written in Ruby. As the name implies, it aids in pentesting WordPress installations.

This framework is a tool that can be used as part of the pentesters toolbox. When running the tool, you will have to define a host, exploit, and payload. The tool is less friendly for beginners, but more experienced pentesters will find no difficulty in using it.

Project details

WordPress Exploit Framework is written in Ruby.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Has longer learning curve

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning

WordPress Exploit Framework project page